← Back

Zoneminder

zoneminder

85 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Zoneminder
zoneminder
85 CVEs

CVEs (85)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-6755
1Zoneminder
1Zoneminder
Apr 23, 2026
Apr 27, 2009
N/A· v4
N/A· v3
5.0 MEDIUM· v2
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1)...Show more
ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.Show less
CVE-2008-3882
1Zoneminder
1Zoneminder
Apr 23, 2026
Sep 2, 2008
N/A· v4
N/A· v3
10.0 HIGH· v2
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state par...Show more
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.Show less
CVE-2008-3881
1Zoneminder
1Zoneminder
Apr 23, 2026
Sep 2, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.
CVE-2008-3880
1Zoneminder
1Zoneminder
Apr 23, 2026
Sep 2, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.
CVE-2008-1381
1Zoneminder
1Zoneminder
Apr 23, 2026
May 1, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.